Skip to content

Fix Redfish credential loading for 'redfish list'#2430

Draft
ideaship wants to merge 1 commit into
mainfrom
fix/conductor-redfish-prepare-node-attributes-unpack
Draft

Fix Redfish credential loading for 'redfish list'#2430
ideaship wants to merge 1 commit into
mainfrom
fix/conductor-redfish-prepare-node-attributes-unpack

Conversation

@ideaship

@ideaship ideaship commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Problem

osism redfish list <host> ... connects to the BMC with empty credentials and fails against any BMC that requires authentication — silently, with no exception raised and nothing logged. The configured Redfish address is likewise dropped, falling back to the default https://{hostname}.

get_redfish_connection() is the only path that re-derives BMC credentials from the NetBox device secrets custom field, via _get_conductor_redfish_credentials(). _prepare_node_attributes() returns a (node_attributes, template_vars) tuple, but that helper (and _get_conductor_redfish_address()) still bound the whole tuple to node_attributes and then tested "driver_info" in node_attributes. On a tuple that is a membership test against the two tuple elements — always False — so both helpers short-circuited before .get() and returned None.

The tuple return was introduced when ironic.py was refactored; these two utils.py callers were never updated and had no test coverage.

Scope

The Ironic sync path is unaffected — it calls _prepare_node_attributes() directly (ironic.py:823), already unpacks the tuple, and pushes the same secrets-derived credentials into Ironic. So BMC access that goes through Ironic (deploy, clean, power) kept working; only the standalone redfish list command, which re-derives credentials on its own, was broken. This is why the defect went unnoticed.

Fix

  • Unpack the tuple at both call sites in conductor/utils.py.
  • Add regression tests for both helpers: redfish happy path, None-device guard, non-redfish driver, missing driver_info, and swallowed exceptions. The happy-path tests fail against the pre-fix code, pinning the behaviour.

Context

🤖 Generated with Claude Code

The `osism redfish list <host> ...` command connected to the BMC with
empty credentials. It builds a direct sushy connection via
get_redfish_connection(), which is the only path that re-derives BMC
credentials from the NetBox device "secrets" custom field through
_get_conductor_redfish_credentials(). That helper silently returned
None, None, so the connection fell back to anonymous auth and failed
against any BMC that requires authentication -- with no exception
raised and nothing logged. The configured Redfish address was
similarly dropped, falling back to the default https://{hostname}.

The Ironic sync path is unaffected: it calls _prepare_node_attributes()
directly (ironic.py:823), already unpacks the tuple, and pushes the
same secrets-derived credentials into Ironic. So BMC access that goes
through Ironic (deploy, clean, power) kept working; only the standalone
redfish list command, which re-derives the credentials on its own, was
broken.

The cause is in conductor/utils.py. _prepare_node_attributes() returns
a (node_attributes, template_vars) 2-tuple, but
_get_conductor_redfish_credentials() and
_get_conductor_redfish_address() still bound the whole tuple to
node_attributes and then tested `"driver_info" in node_attributes`. On
a tuple that is a membership test against the two tuple elements, which
is always False, so both helpers short-circuited before .get() and
returned None, None / None regardless of the device configuration. The
tuple return was introduced when ironic.py was refactored; these two
callers were never updated and had no test coverage.

Unpack the tuple at both call sites and add regression tests for both
helpers covering the redfish happy path, the None-device guard, the
non-redfish driver, missing driver_info, and swallowed exceptions. The
happy-path tests fail against the pre-fix code, pinning the behaviour.

Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Roger Luethi <luethi@osism.tech>
@berendt berendt moved this from New to In progress in Human Board Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: In progress

Development

Successfully merging this pull request may close these issues.

3 participants